workiom-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill demonstrates a vulnerability to indirect prompt injection due to its reliance on external data to guide agent logic.
  - Ingestion points: Data enters the context via the RUBE_SEARCH_TOOLS command, which returns tool schemas, recommended execution plans, and pitfalls from the rube.app API.
  - Boundary markers: Absent. There are no instructions or delimiters used to warn the agent to treat the retrieved search results as untrusted or to ignore embedded instructions within those results.
  - Capability inventory: The skill allows the agent to perform a wide range of actions via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, including executing bulk operations.
  - Sanitization: Absent. The agent is explicitly told to use the exact field names, types, and execution plans returned from the search results without validation.
- [External Reference] (LOW): The skill directs users to add an external MCP server (https://rube.app/mcp) which is not on the list of trusted providers. While standard for MCP usage, it introduces a dependency on an unverified third-party service.
Audit Metadata